SpiderOak is unsafe

From Smith family
Jump to: navigation, search

SpiderOak seems like a good idea: online backup of your files, synchronised across your devices, with the data stored securely and unable to be read by SpiderOak employees and government.

Unfortunately, it's no good if the backup service deletes your files behind your back.

I was a user of their free service for a while. I'd over doubled my free storage through referrals to friends and family. It was about time to pay over some money for a useful service. I was just about to take advantage of their offer of unlimited storage for US$125 p.a. when the problems started.

On 27 March 2014, I noticed that several files in my synced folder now have sizes of zero bytes. The files themselves are present, with the same names and permissions, just no content. 139 files are affected across the several directories I synchronise. It's not clear when this problem occurred, but I think it was about 12 March. When I restored the affected files from my own backup, SpiderOak deleted them again.

I contacted SpiderOak support, expecting a speedy resolution to my problem. I didn't get it.

I have to consider both SpiderOak and Encryptr (based on SpiderOak's engine) as unreliable places to store data. I recommend you don't use either. Wuala seems to be better.

Timeline

27 March 2014 I report the problem to SpiderOak and receive their automated acknowledgement.
28 March 2014 [Person A] from SpiderOak customer relations contacts me and asks for copies of basic logs. I send them over.
29 March 2014 [Engineer B] from SpiderOak contacts me to acknowledge receipt of the logs and says they'll contact me soon with an update.
2 April 2014 [Engineer B] says that there will be a delay in addressing my problem and credits me with some additional storage. I say that I was planning to move to the paid plan when the problem started and still intend to do so when the problem is resolved.
18 April 2014
(Nearly one month after the initial report)
[Engineer B] responds and credits me with some additional storage.
17 May 2014
(Nearly two months after the initial report)
I contact [Engineer B]. He apologies for the delay in addressing my problem and says it's been now a priority and now passed to [Senior Engineer C]. [Engineer B] credits me with more storage. I hear nothing from [Senior Engineer C].
23 May 2014 I contact SpiderOak asking for a progress report. I get no response.
29 May 2014 I contact SpiderOak asking for a progress report. I get no response.
9 June 2014 I'm now fed up with the lack of response from SpiderOak. I make a public post on their blog and other social media, again explaining that I'm willing to pay for their service if it's reliable. [Person D] from customer relations and [Engineer E] contact me independently to express sympathy with my frustration.
11 June 2014 [Engineer B] contacts me and says that [Senior Engineer C] requires more information and asks me for additional logs. I send them over.
13 June 2014 [Senior Engineer C] contacts me to acknowledge receipt of the additional logs and says it will take him a while to go through it.
20 June 2014 I contact SpiderOak asking for a progress report. I get no response.
27 June 2014
(Three months after I raised the ticket)
I contact SpiderOak again asking for an update. This time I cc the two founders.
Three hours later, [Senior Engineer C] contacts me with his suspicions of the cause of the problem (it may be related to a bug in the Windows client). He offers me a new account with SpiderOak (the first time this is offered as a fix).
I offer to do whichever helps SpiderOak get to the bottom of the problem.
30 June 2014 [Senior Engineer C] asks me to hold on for an additional four days while he investigates further.
8 July 2014 [Senior Engineer C] asks me to wait for another couple of days, citing delays caused by US holiays. "I'm trying to have a conclusion on your ticket very soon," he says
13 July 2014 I contact SpiderOak asking for a progress report. I get no response.
17 July 2014 I contact SpiderOak asking for a progress report. I get no response.
19 July 2014 [Senior Engineer C] apologies for the lack of progress.
25 July 2014 [Engineer B] contacts me and offers to set up a new account. I accept.
30 July 2014
(Over four months since the original report)
[Engineer B] tells me the new account is ready. However, the new account does not have even my original space allocation, let alone the bonus storage I've gained throughout this problem "resolution." This means the new account isn't useful.
1 August 2014 I contact SpiderOak asking for my storage to be allocated to the new account. I get no response.
6 August 2014 I contact SpiderOak asking for my storage to be allocated to the new account. I get no response.
8 August 2014 I contact SpiderOak asking for my storage to be allocated to the new account. I get no response.
11 August 2014 My new account is finally credited with my storage. I add my files to it. SpiderOak immediately deletes some of them again. I raise a new ticket with SpiderOak and add a comment to the old one. I collect the basic and additional logs and send them in.
16 August 2014 I contact SpiderOak asking for a progress report. I get no response.
20 August 2014 I contact SpiderOak asking for a progress report. I get no response.
2 September 2014 I contact SpiderOak asking for a progress report. I send a copy to SpiderOak's founders. I get no response.

At this point, I gave up.

Conclusion

This whole saga took over five months to play out. The problem was not fixed. SpiderOak continues to delete arbitrary files from its backup, and does so silently. This is not good behaviour from a service that depends on its reliability and trustworthiness for its use.

If my problem was related to a bug in the Windows client, it seems that bug still exists.

SpiderOak seems to have no interest in helping non-business customers, or in converting their enthusiastic users into paying customers.

If you're using SpiderOak for backups, I suggest you check that all your files still contain what you thought they did. It's not enough to just check whether the file exists: you have to check that the file contains the data it should.

The Encryptr "secure" password locker is based on SpiderOak's technology. Unfortunately, that means I also consider it unreliable.

I no longer use SpiderOak and I recommend you don't either.

I'm now paying Wuala for a secure backup and synchronisation service. I've had a couple of questions for them and have had very quick and full responses from them. I'm a satisfied customer of theirs.